# KB000001: The Access Manager Agent cannot connect and logs a token-validation-failed error ## Summary The Lithnet Access Manager agent may show the following error message in the agent log file ``` LithnetAccessManagerAgent[909131]: Lithnet.AccessManager.Agent.LinuxLapsAgent[1006] The LAPS agent process encountered an error Lithnet.AccessManager.Agent.ApiException: The API call failed with HTTP status Unauthorized:Unauthorized. The API returned error code 'token-validation-failed' ``` The server will show a corresponding error message in the `access-manager-api.log` file ``` |ERROR|Lithnet.AccessManager.Api.ApiErrorResponseProvider|The security token failed the validation process Microsoft.IdentityModel.Tokens.SecurityTokenInvalidAudienceException: IDX10214: Audience validation failed. Audiences: 'System.String'. Did not match: validationParameters.ValidAudience: 'System.String' or validationParameters.ValidAudiences: 'System.String'. ``` ## Cause This issue occurs because the hostname configured as the `API host name` on the server, differs from the host name provider at agent registration time ## Resolution ### Step 1: Validate server-side API host name To resolve this issue, first check that the `API host name` field is correct on the server side. ![](https://2384577883-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FGiL0iwWnyPOkaGqdhRTp%2Fuploads%2Fgit-blob-438368d8aec5ee8d5f074baf98672ba92ce1c0e4%2Fui-page-host-configuration.png?alt=media) ### Step 2: Validate client-side configuration On the client side, ensure the matching name has been specified during the setup process. #### Linux Run the following command to repeat the setup process, and provide the correct hostname ```shell /opt/LithnetAccessManagerAgent/Lithnet.AccessManager.Agent --setup ``` #### macOS Run the following command to repeat the setup process, and provide the correct hostname ```shell /Applications/LithnetAccessManagerAgent/Lithnet.AccessManager.Agent --setup ``` #### Windows Run the following command to repeat the setup process, and provide the correct hostname ```batch "C:\Program Files\Lithnet\Access Manager Agent\Lithnet.AccessManager.Agent.exe" --setup ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.lithnet.io/ams/2.0/help-and-support/support-articles/kb000001.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.